Welcome to the OWASP Testing Guide 3.0

OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list:

Version 3.0

The OWASP Testing Guide Version 3 improves version 2 and creates new sections and controls. This new version has added:
• Configuration Management and Authorization Testing sections and Encoded Injection Appendix;
• 36 new articles (1 taken from the BSP);
Version 3 improved 9 articles, for a total of 10 Testing categories and 66 controls.

Copyright and License

Revision History

The Testing Guide v3 was released in November 2008. The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Matteo Meucci has taken on the Testing guide and is now the lead of the OWASP Testing Guide Project.